GDPR: DATA PRIVACY NOTICE.
- Why have you been given this privacy notice?
Delight Supported Living Limited is a “data controller”. This means that we are required under data protection legislation to notify you of how we will process your personal data both during the employment relationship and post termination. This notice will explain how we collect your personal data, its use, storage, transfer and security. We will also explain what rights you have in relation to how we process your personal data. It is important that you read this notice, together with any other privacy notice we may provide during your employment, so that you are aware of how and why we are processing your personal data. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.
- What are our obligations to you in relation to how we process your personal data?
We are required by law to ensure that when processing any of your personal data that it is:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept in a form which permits you to be identified for only as long as necessary for the purposes we have told you about.
- Kept securely.
- What personal data will we collect, use and store about you?
- Your name, salutation, addresses, contact numbers, and personal email addresses
- Date of birth
- Gender
- Next of kin and emergency contact information
- National Insurance number
- Bank account details, payroll records and tax status information
- Salary, annual leave, pension and benefits information
- Start date
- Location of employment or workplace
- Copy of driving license(if applicable)
- Recruitment information (including copies of right to work documentation, reference and other information included in a CV or cover letter or as part of the application process)
- Employment records (including job titles, work history, working hours, training records and professional memberships)
- Compensation history
- Performance information
- Disciplinary and grievance information
- CCTV footage and other information obtained through electronic means such as door fobs records, performance monitoring software records
- Information about your use of our information and communications systems
- Photographs
We may also collect, store and use the following “special categories” of more sensitive personal information:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
- Trade union membership
- Information about your health, including any medical condition, health and sickness records
- Genetic information and biometric data
- Information about criminal convictions and offences
- How do we collect your personal data?
We collect your personal data by a variety of means. At recruitment stage we have already collected data through the application process directly from you. We may sometimes collect additional information from third parties including former employers,
Whilst you are working with us periodically we may need to collect additional personal information from you not identified on the above list but before doing so we will provide you with a written notice setting out details of the purpose and the lawful basis of why we are collecting that data, its use, storage and your rights.
- How will we use your personal data?
For the most part we will use your personal data for one of the following lawful bases:
- Where we need to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
There are other rare occasions where we may use your personal data, which are:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest or for official purposes
6. When will we use your personal data?
During your employment and for a short period after the relationship has ended, we will use your personal information for specific purposes. The list below describes the purpose of our processing, the personal data involved (from clause 3 above) and the lawful basis for our processing (from clause 5 above):
- Determining the terms on which you work for us
- Checking your right to work in the UK
- When making payments to you to also include any necessary tax and NI deductions
- Liaising with your pension provider and making payments
- Administration related to the performance of a contract of employment
- Business management and work force planning, including accounting and auditing
- Conducting and managing reviews of performance and determining performance requirements
- Making decisions regarding remuneration
- Making decisions regarding promotions to include assessing qualifications for a particular role
- Gathering evidence for a possible disciplinary or gathering evidence in respect of an informal complaint or grievance
- Making decisions about your continued employment or engagement
- Making arrangements for the termination of our working relationship
- Education, training and development requirements
- Dealing with legal disputes involving you or other employees, workers and contractors, including accidents at work
- Managing sickness absence, ascertaining your fitness to work
- Complying with health and safety obligations, completion of accident book and RIDDOR reporting
- Prevention of fraud through CCTV monitoring
- Monitoring use of our information and communication systems to ensure compliance with our internal procedures and prevention of security lapses and breach of data protection laws
- Preventing malicious software distribution
- Gathering data analytics to assess retention and attrition rates
- Equal opportunities monitoring
It’s possible that some of the grounds for processing will overlap.
- Your failure to provide information
We will only ask you to provide information which we believe is necessary for the performance of the contractual employment relationship (for example bank account details to pay you) or our associated legal obligations (for example giving salary information to HMRC). If you fail to provide certain information when requested we may not be able to meet our contractual obligations to you or we may not be able to fulfil our legal obligations.
- What happens if we need to use your personal data for a new purpose?
We will only use your personal data for the stated purposes, unless we consider that there is a need to use it for another reason and that reason is compatible with the original purpose. However, if we consider that it is necessary and reasonable to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
There may be circumstances where we have to process your personal data without your knowledge or consent, where this is required by law and in compliance with the above rules.
- How do we use your sensitive personal information data?
Any personal data which reveals your, ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic, biometric or health data, sex life and sexual orientations will be regarded as special categories of personal data. We will only use this data in the following ways:
- In order to comply with employment and other laws when processing and managing situations connected with absences arising in relation to your sickness or family/dependent related leave.
- To ensure we meet our health and safety obligations towards you and other employment related obligations we will use information about your physical or mental health or disability status to assess your capability to perform your role, monitor and manage your sickness absence, provide appropriate workplace adjustments and administer health related benefits.
- Where it is needed in the public interest, for example for equal opportunity monitoring and reporting.
There may be circumstances where we need to process this type of information for legal claims or to protect your interests (or someone else’s) and you are not able capable of giving your consent or where the relevant information has already been made public.
- Do we need your consent to use sensitive personal data?
If we are using your personal sensitive data in accordance with our written policy to perform our legal obligations or exercise specific rights connected to your employment, in these circumstances we do not need your written consent to use sensitive personal data.
However, in limited circumstances, we may request your written consent to allow us to process your sensitive personal data. For example, your written consent will be required before we instruct a medical practitioner to prepare a medical report. If, it becomes necessary to request your consent to process your sensitive personal data, we will provide you with details of the information that we require and why we need it, so that you can decide whether you wish to provide your consent. It is not a condition of your contract of employment with us that you must agree to any request for consent. Giving consent will always be a decision made by your freewill/choice.
- Criminal convictions
- Where permitted by applicable law, we envisage that we may hold information about criminal convictions
- We will only collect information about criminal convictions if it is appropriate given the nature of the role and duties you will perform and where we are legally entitled to do so
- We will use information about criminal convictions and offences in the following ways:
- Criminal activity allegations
- Fraud
- Investigations proceedings
- We are allowed to use your personal information in this way to carry out our obligations to comply with the law, or where it is in the substantial public interest for us to do so
- We have in place policy and safeguards which we are required by law to maintain when processing this data
- Automated decision making
It is our intention that you will not be subject to automated decision making which will have a significant impact on you, unless we have a lawful reason for doing so and we have notified you.
- Will we share your personal data with third parties?
In order to meet our legal obligations connected with your employment relationship it is necessary to share your personal information with certain third parties (see below). We also need to share your data when we have legitimate business reasons for doing so and also where it is necessary in order to perform your contract.
- Which third party service providers will we share your personal data with?
The following third-party service providers process personal information about you for the following purposes:
- Payroll
- Pension administration
- IT services
- To clients for audit purposes
- For right to work checks
- Former employers for refrences
- For background checks to obtain criminal records checks.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
- Third party service providers and data security
Third party service providers are only permitted to process your personal data in accordance with our specified instructions. They are also required to take appropriate measures to protect your privacy and personal information. We do not allow your information to be used by the third parties for its own purposes and business activities.
- Will we share your personal data with other entities within our business group?
As a consequence of the need to report on business performance, accounting, internal business transformations and IT activity your personal data will be shared with other entities within the business group
- Will we transfer your personal data outside of the European Economic Area (EEA)?
Only for possible IT issues. If the company we use is non-UK-based. We will have an IDTA (International data transfer agreement), Risk assessment and a Data processing agreement in place with the company, to comply with the current UK GDPR as per ICO guidance. All data is stored in the UK.
- How do we ensure your personal data is secure?
We take your privacy and protection of data very seriously. Consequently, we have put in place appropriate security measures to prevent unauthorised use of your personal data. Details of the measures which are in place can be obtained from HR Department. We will notify you and any applicable regulator of any suspected unauthorised use of your personal data.
- How long will we keep your personal data?
We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected for. Details of retention periods for specific purposes are available in our data retention policy. When your employment relationship comes to an end with our business we will either retain or securely destroy your personal data in accordance with our data retention policy or other applicable laws and regulations.
- Your duty to inform us of any changes
In order that we can ensure that the personal data we hold in relation to you is accurate, it is important that you keep us informed of any changes to that data.
- What rights do you have in respect of how we use your personal data?
Subject to legal limitations you have the right to:
- Request access to your data: You can ask us to provide a copy of the personal data we hold about you.
- Request corrections to be made to your data: If you think that your personal data is incomplete, inaccurate you can ask us to correct it.
- Request erasure of your data: If you consider there is no lawful basis for us to continue processing your data you can ask for that data to be deleted or removed.
- Object to the processing of your data: If our lawful basis for processing your data relates to a legitimate business interest (or third party interest) you can raise an objection to that interest. You can also object to us using your information for direct marketing purposes.
- Request that processing restrictions be put in place: If you believe that your information is being processed without a lawful reason or that the information is incorrect you can request that a freeze/restricting is placed on the processing of the information until your concerns are addressed.
- Request a transfer of your personal data: You can ask us to transfer your personal data to a third party.
If you wish to exercise any of the above rights please contact our HR Department.
- Will I have to pay a fee?
You will not be expected to pay a fee to obtain your personal data unless we consider that your request for access to data is unfounded or excessive. In these circumstances we may charge you a reasonable fee or refuse to comply with your request.
- Confirmation of identity
Whenever you make a request for access to personal data, we may request specific information to confirm your identity. This is usually done to ensure that we are releasing personal data to the correct person.
- Right to withdraw your consent
If we have asked for your written consent to obtain information, you have the right to withdraw your consent at any time. To withdraw your consent please contact HR Department. Once we receive your notice of withdrawal we will cease processing your data unless we have any other lawful basis on which to continue processing that data.
- Important information about this privacy notice
We reserve the right to amend or update this privacy notice at any time. We will provide you with a new notice when we make any updates.
- How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact us. If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.